TI Illustrates Car Security Threats

MADISON, Wis. — As a tech paper disclosing how to hack into the network of electronic control units (ECUs) was making rounds on the Internet, many readers, including those of this publication, expressed skepticism: Taking the time to open up a dashboard and physically connect hardware (a laptop) into the car stretches the definition of hacking.p>

True, but the point of the car-hacking demo pulled off by Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive wasn’t really about how they broke into a car. The focus of their exercise was the mischief that they -- attackers or corrupt ECUs -- are capable of doing after gaining access to the ECU network.

Automobiles today aren’t exactly designed to verify every CAN packet, to prevent someone with illicit access to a single ECU from gaining access to the whole network, or to refuse to process commands (injected by a corrupt ECU). The tech paper the two white hats put together illustrates that the automotive industry has a long way to go before it can write “monitoring and control applications” to help alleviate the threat to ECUs in its systems, Miller and Valasek wrote.

Certainly, not everyone in the automotive industry is dismissing the tech paper. The topic comes up in discussions with technology suppliers.

Texas Instruments isn’t taking it lightly, either.

Steve Reis, TI’s senior systems architect, infotainment processors, acknowledged that a TI engineer, for example, was at Def Con in Las Vegas last week attending the session in which Miller and Valasek disclosed details of the code and tools they used in car-hacking.

Aside from TI, Freescale Semiconductor, Infineon Technologies, and NXP Semiconductors have been all hot to trot carving out shares in the secure microcontroller market for automotive in recent months.

From mobile to automotive
Robert Tolbert, director of TI’s product-marketing/business development automotive infotainment processors, observed that the automotive industry today is probably where the mobile industry was seven or eight years ago.

Back in the early 2000’s, security wasn’t a top concern either for handset OEMs or cellular network operators. As more apps came online, digital rights management for video streaming came under scrutiny and mobile e-commerce proliferated. Secure processing became a concern for everyone in the mobile industry. That’s when TI’s M-Shield security -- used in OMAP-based mobile processors -- gained market traction, Tolbert noted.

TI’s move to turn to its mobile processor heritage to go after carmakers draws a sharp contrast to moves by its competitors such NXP, Infineon, and Freescale, who have all cut their teeth in developing secure solutions for smartcard chips and are now using that knowledge and expertise for their own automotive security solutions.

Noting that “a high level of security has not been the focus of [automotive] OEMs and tier ones for long time,” Tolbert believes the time is ripe for TI to bring its tried and vetted M-Shield security to the automotive industry. “As more and more cars are connected and consumers’ desire for Internet-based services rises, the need for firewalled access to buses and the ability to accommodate secure key generation over buses are becoming real issues for the automotive industry,” explained Tolbert. “Security cannot be an afterthought.”

@dvk0, well, certinaly this is a cool video. What it shows, though, is not necessarily an answer to the question whether a car or a ship can be hacked; it is about where the weak link resides within any system that an attacker can go after. In this particular case, it is clearly the GPS. In the case of cars, it wasn't GPS, but there are a number of other attack surfaces that researchers exposed.

May be you are right, but Cars are not being controlled by GPS. And Securing the car from all known threats it responsibility of the manufacturer, so this thread of security enhancement will any way continue.

Yes, It was a very good source of information, SHE (Secure Hardware Extension) and EVITA, are the emerging standards for Automotive Electronic Security, and it was a very surprising to me that virtually all the electronics giants are working on it name it a few like Mentor Graphics, Toshiba, Freescale, Renesas and the list continues.

You are right SHE enabled automotive electronics will be soon getting seen in the general automobiles.